CVE-2022-40304 | Severity.io

Description

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Related CPE's

Vulnerable

active_iq_unified_manager

Vulnerable

clustered_data_ontap

Vulnerable

clustered_data_ontap_antivirus_connector

Vulnerable

manageability_software_development_kit

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

o

apple

macos

2

Vulnerable

Vulnerable

References

http://seclists.org/fulldisclosure/2022/Dec/21

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/24

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/25

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/26

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/27

https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b

PatchThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/tags

Release NotesThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

PatchRelease NotesThird Party Advisory

https://security.netapp.com/advisory/ntap-20221209-0003/

Third Party Advisory

https://support.apple.com/kb/HT213531

Third Party Advisory

https://support.apple.com/kb/HT213533

Third Party Advisory

https://support.apple.com/kb/HT213534

Third Party Advisory

https://support.apple.com/kb/HT213535

Third Party Advisory

https://support.apple.com/kb/HT213536

Third Party Advisory

Weaknesses

[email protected]

Primary

CWE-415

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-23T18:15:12.167

2 years ago

Last modified

2023-11-07T03:52:15.353

1 year ago